The machines might one day rise against us, but for now, it’s probably just a bored teenager. ABC News reported that Ecovacs Deebot X2 owners in multiple cities were victims of a cyberattack that resulted in someone taking control of their robot vacuums to yell hateful language at families and harass animals.
The hacks took place in May of this year in El Paso, Texas; Los Angeles; and Minnesota. When ABC spoke with Daniel Swenson, one of those affected, he said that a staticky sound erupted from his robovac. He said it sounded like a “broken-up radio signal,” but that snippets of a voice could be heard. After resetting the device, the voice came back again and sounded like a teenager yelling racial slurs. Rather than reset the robovac again, Swenson turned it off.
The incident created concern that the hackers might be trying to gain access to multiple smart home devices, but Ecovacs confirmed a security breach on its end. For now, it seems, the attack on the robovacs isn’t related to a larger-scale scheme. The company provided a statement to ABC laying out the details of the attack. It said a “credential-stuffing event” was detected, all originating from one IP address in an “unusual” location.
Unfortunately, that likely means the attacker was masking their real IP address so they couldn’t be detected. If this attack was a prank, well, it’s likely to happen again. The measures Ecovacs took are a temporary solution at best. Security researchers had attempted to reach out to Ecovacs in the past to address potential security concerns.
While disruptive, this attack had the potential to be much worse. Many robot vacuums come equipped with cameras that hackers can use to look inside homes without alerting the homeowner that their privacy has been violated. For parents, this is a point of particular concern surrounding children. Ultimately, it seems like a known security flaw was to blame, but you can take proactive measures to reduce the chances that something like this might happen to you.
Make sure your smart home devices are always fully up to date, and enable automatic updates if possible.